Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0151 | 1 Mitisoft | 1 Mitisoft | 2025-04-09 | 7.5 HIGH | N/A |
| MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb. | |||||
| CVE-2007-2849 | 1 Knowledgetree Document Management | 1 Knowledgetree Document Management | 2025-04-09 | 10.0 HIGH | N/A |
| KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check. | |||||
| CVE-2007-0701 | 1 Epistemon | 1 Epistemon | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. | |||||
| CVE-2006-6777 | 1 Future Internet | 1 Future Internet | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action. | |||||
| CVE-2006-6301 | 1 Denyhosts | 1 Denyhosts | 2025-04-09 | 5.0 MEDIUM | N/A |
| DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address, which is not properly handled by a regular expression. | |||||
| CVE-2009-3100 | 2 Sun, X.org | 3 Opensolaris, Solaris, X11 | 2025-04-09 | 4.0 MEDIUM | N/A |
| xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches. | |||||
| CVE-2007-2064 | 1 Actionpoll | 1 Actionpoll | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297. | |||||
| CVE-2007-2250 | 1 Phorum | 1 Phorum | 2025-04-09 | 5.0 MEDIUM | N/A |
| admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter. | |||||
| CVE-2006-5566 | 1 Webasyst Llc | 1 Shop-script | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters. | |||||
| CVE-2007-1449 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2007-0927 | 1 Utorrent | 1 Utorrent | 2025-04-09 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. | |||||
| CVE-2007-0841 | 1 Vbdrupal | 1 Vbdrupal | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers. | |||||
| CVE-2006-5768 | 1 Cyberfolio | 1 Cyberfolio | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php. | |||||
| CVE-2007-4077 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php. | |||||
| CVE-2007-3560 | 1 Esqlanelapse | 1 Esqlanelapse | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors. | |||||
| CVE-2007-3824 | 1 Mehmet Zati Karahan | 1 Mzk Blog | 2025-04-09 | 10.0 HIGH | N/A |
| SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter. | |||||
| CVE-2009-3274 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2025-04-09 | 4.4 MEDIUM | N/A |
| Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2683 | 1 Mutt | 1 Mutt | 2025-04-09 | 3.5 LOW | N/A |
| Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. | |||||
| CVE-2006-6062 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption. | |||||
| CVE-2006-4182 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 7.5 HIGH | N/A |
| Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected. | |||||